Description
An initial threat vector may be hosted on a website in the form of an Applet. The Applet would contain code to exploit CVE-2012-1723.The intent of the exploit is to surreptitiously download and execute additional malware on the infected system. An indication of this may be the presence unusual traffic to unknown domains.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)
Aliases -
Avast - Java:CVE-2012-1723-AM [Expl]
F-Prot - Java/Blacole.F
GData - Java:CVE-2012-1723-AM
Indication of Infection
The exploit may download arbitrary files.
This exploit attempts to download and execute additional malware to the infected system.
Methods of Infection
This threat exploits an unpatched vulnerability in Sun Microsystems Java.
This Trojan can be installed while browsing compromised websites.